author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:50:36 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:50:39 +0300 |
commit | 80dd048222b9da5199195a1b620cc5b651216fd6 (patch) | |
tree | 619e56c12cbf30f14e1d18dbd55a1a882c2222ee /spec | |
parent | 0d22b9b88888d7c339cd678c3baaa83c25c7ccd7 (diff) |
Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6'
[11.6] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2778
(cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c)
e73f2f1d Fix slow project reference pattern regex
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/banzai/filter/project_reference_filter_spec.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/project_reference_filter_spec.rb b/spec/lib/banzai/filter/project_reference_filter_spec.rb
index 48140305e26..060a680a996 100644
--- a/spec/lib/banzai/filter/project_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/project_reference_filter_spec.rb
@@ -26,6 +26,12 @@ describe Banzai::Filter::ProjectReferenceFilter do
 expect(reference_filter(act).to_html).to eq(CGI.escapeHTML(exp))
 end
 
+ it 'fails fast for long invalid string' do
+ expect do
+ Timeout.timeout(5.seconds) { reference_filter("A" * 50000).to_html }
+ end.not_to raise_error
+ end
+
 it 'allows references with text after the > character' do
 doc = reference_filter("Hey #{reference}foo")
 expect(doc.css('a').first.attr('href')).to eq urls.project_url(subject) |
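Review bot: The new example `it 'fails fast for long invalid string'` guards the regex fix with a single input shape (`"A" * 50000`) and a 5-second wall-clock budget. A pattern that is still super-linear but finishes this one input in under five seconds would pass, and a heavily loaded CI runner could fail the example for unrelated reasons. The regex change itself is not on this page (the diffstat is limited to `spec`), so whether other long non-matching inputs take the same path through the pattern is something to confirm against the filter source. The two magic numbers are also unexplained; I would add a comment above the example such as `# Regression guard: the project reference pattern must reject a long non-matching string without catastrophic backtracking`. The enclosing `describe` block starts and ends outside the hunk.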